mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-25 05:34:00 +08:00
16c61add51
This patch fixes a NULL dereference spotted by the Coverity checker. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
912 lines
23 KiB
C
912 lines
23 KiB
C
/* RxRPC virtual connection handler
|
|
*
|
|
* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/net.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/crypto.h>
|
|
#include <net/sock.h>
|
|
#include <net/af_rxrpc.h>
|
|
#include "ar-internal.h"
|
|
|
|
static void rxrpc_connection_reaper(struct work_struct *work);
|
|
|
|
LIST_HEAD(rxrpc_connections);
|
|
DEFINE_RWLOCK(rxrpc_connection_lock);
|
|
static unsigned long rxrpc_connection_timeout = 10 * 60;
|
|
static DECLARE_DELAYED_WORK(rxrpc_connection_reap, rxrpc_connection_reaper);
|
|
|
|
/*
|
|
* allocate a new client connection bundle
|
|
*/
|
|
static struct rxrpc_conn_bundle *rxrpc_alloc_bundle(gfp_t gfp)
|
|
{
|
|
struct rxrpc_conn_bundle *bundle;
|
|
|
|
_enter("");
|
|
|
|
bundle = kzalloc(sizeof(struct rxrpc_conn_bundle), gfp);
|
|
if (bundle) {
|
|
INIT_LIST_HEAD(&bundle->unused_conns);
|
|
INIT_LIST_HEAD(&bundle->avail_conns);
|
|
INIT_LIST_HEAD(&bundle->busy_conns);
|
|
init_waitqueue_head(&bundle->chanwait);
|
|
atomic_set(&bundle->usage, 1);
|
|
}
|
|
|
|
_leave(" = %p", bundle);
|
|
return bundle;
|
|
}
|
|
|
|
/*
|
|
* compare bundle parameters with what we're looking for
|
|
* - return -ve, 0 or +ve
|
|
*/
|
|
static inline
|
|
int rxrpc_cmp_bundle(const struct rxrpc_conn_bundle *bundle,
|
|
struct key *key, __be16 service_id)
|
|
{
|
|
return (bundle->service_id - service_id) ?:
|
|
((unsigned long) bundle->key - (unsigned long) key);
|
|
}
|
|
|
|
/*
|
|
* get bundle of client connections that a client socket can make use of
|
|
*/
|
|
struct rxrpc_conn_bundle *rxrpc_get_bundle(struct rxrpc_sock *rx,
|
|
struct rxrpc_transport *trans,
|
|
struct key *key,
|
|
__be16 service_id,
|
|
gfp_t gfp)
|
|
{
|
|
struct rxrpc_conn_bundle *bundle, *candidate;
|
|
struct rb_node *p, *parent, **pp;
|
|
|
|
_enter("%p{%x},%x,%hx,",
|
|
rx, key_serial(key), trans->debug_id, ntohl(service_id));
|
|
|
|
if (rx->trans == trans && rx->bundle) {
|
|
atomic_inc(&rx->bundle->usage);
|
|
return rx->bundle;
|
|
}
|
|
|
|
/* search the extant bundles first for one that matches the specified
|
|
* user ID */
|
|
spin_lock(&trans->client_lock);
|
|
|
|
p = trans->bundles.rb_node;
|
|
while (p) {
|
|
bundle = rb_entry(p, struct rxrpc_conn_bundle, node);
|
|
|
|
if (rxrpc_cmp_bundle(bundle, key, service_id) < 0)
|
|
p = p->rb_left;
|
|
else if (rxrpc_cmp_bundle(bundle, key, service_id) > 0)
|
|
p = p->rb_right;
|
|
else
|
|
goto found_extant_bundle;
|
|
}
|
|
|
|
spin_unlock(&trans->client_lock);
|
|
|
|
/* not yet present - create a candidate for a new record and then
|
|
* redo the search */
|
|
candidate = rxrpc_alloc_bundle(gfp);
|
|
if (!candidate) {
|
|
_leave(" = -ENOMEM");
|
|
return ERR_PTR(-ENOMEM);
|
|
}
|
|
|
|
candidate->key = key_get(key);
|
|
candidate->service_id = service_id;
|
|
|
|
spin_lock(&trans->client_lock);
|
|
|
|
pp = &trans->bundles.rb_node;
|
|
parent = NULL;
|
|
while (*pp) {
|
|
parent = *pp;
|
|
bundle = rb_entry(parent, struct rxrpc_conn_bundle, node);
|
|
|
|
if (rxrpc_cmp_bundle(bundle, key, service_id) < 0)
|
|
pp = &(*pp)->rb_left;
|
|
else if (rxrpc_cmp_bundle(bundle, key, service_id) > 0)
|
|
pp = &(*pp)->rb_right;
|
|
else
|
|
goto found_extant_second;
|
|
}
|
|
|
|
/* second search also failed; add the new bundle */
|
|
bundle = candidate;
|
|
candidate = NULL;
|
|
|
|
rb_link_node(&bundle->node, parent, pp);
|
|
rb_insert_color(&bundle->node, &trans->bundles);
|
|
spin_unlock(&trans->client_lock);
|
|
_net("BUNDLE new on trans %d", trans->debug_id);
|
|
if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
|
|
atomic_inc(&bundle->usage);
|
|
rx->bundle = bundle;
|
|
}
|
|
_leave(" = %p [new]", bundle);
|
|
return bundle;
|
|
|
|
/* we found the bundle in the list immediately */
|
|
found_extant_bundle:
|
|
atomic_inc(&bundle->usage);
|
|
spin_unlock(&trans->client_lock);
|
|
_net("BUNDLE old on trans %d", trans->debug_id);
|
|
if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
|
|
atomic_inc(&bundle->usage);
|
|
rx->bundle = bundle;
|
|
}
|
|
_leave(" = %p [extant %d]", bundle, atomic_read(&bundle->usage));
|
|
return bundle;
|
|
|
|
/* we found the bundle on the second time through the list */
|
|
found_extant_second:
|
|
atomic_inc(&bundle->usage);
|
|
spin_unlock(&trans->client_lock);
|
|
kfree(candidate);
|
|
_net("BUNDLE old2 on trans %d", trans->debug_id);
|
|
if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
|
|
atomic_inc(&bundle->usage);
|
|
rx->bundle = bundle;
|
|
}
|
|
_leave(" = %p [second %d]", bundle, atomic_read(&bundle->usage));
|
|
return bundle;
|
|
}
|
|
|
|
/*
|
|
* release a bundle
|
|
*/
|
|
void rxrpc_put_bundle(struct rxrpc_transport *trans,
|
|
struct rxrpc_conn_bundle *bundle)
|
|
{
|
|
_enter("%p,%p{%d}",trans, bundle, atomic_read(&bundle->usage));
|
|
|
|
if (atomic_dec_and_lock(&bundle->usage, &trans->client_lock)) {
|
|
_debug("Destroy bundle");
|
|
rb_erase(&bundle->node, &trans->bundles);
|
|
spin_unlock(&trans->client_lock);
|
|
ASSERT(list_empty(&bundle->unused_conns));
|
|
ASSERT(list_empty(&bundle->avail_conns));
|
|
ASSERT(list_empty(&bundle->busy_conns));
|
|
ASSERTCMP(bundle->num_conns, ==, 0);
|
|
key_put(bundle->key);
|
|
kfree(bundle);
|
|
}
|
|
|
|
_leave("");
|
|
}
|
|
|
|
/*
|
|
* allocate a new connection
|
|
*/
|
|
static struct rxrpc_connection *rxrpc_alloc_connection(gfp_t gfp)
|
|
{
|
|
struct rxrpc_connection *conn;
|
|
|
|
_enter("");
|
|
|
|
conn = kzalloc(sizeof(struct rxrpc_connection), gfp);
|
|
if (conn) {
|
|
INIT_WORK(&conn->processor, &rxrpc_process_connection);
|
|
INIT_LIST_HEAD(&conn->bundle_link);
|
|
conn->calls = RB_ROOT;
|
|
skb_queue_head_init(&conn->rx_queue);
|
|
rwlock_init(&conn->lock);
|
|
spin_lock_init(&conn->state_lock);
|
|
atomic_set(&conn->usage, 1);
|
|
conn->debug_id = atomic_inc_return(&rxrpc_debug_id);
|
|
conn->avail_calls = RXRPC_MAXCALLS;
|
|
conn->size_align = 4;
|
|
conn->header_size = sizeof(struct rxrpc_header);
|
|
}
|
|
|
|
_leave(" = %p{%d}", conn, conn ? conn->debug_id : 0);
|
|
return conn;
|
|
}
|
|
|
|
/*
|
|
* assign a connection ID to a connection and add it to the transport's
|
|
* connection lookup tree
|
|
* - called with transport client lock held
|
|
*/
|
|
static void rxrpc_assign_connection_id(struct rxrpc_connection *conn)
|
|
{
|
|
struct rxrpc_connection *xconn;
|
|
struct rb_node *parent, **p;
|
|
__be32 epoch;
|
|
u32 real_conn_id;
|
|
|
|
_enter("");
|
|
|
|
epoch = conn->epoch;
|
|
|
|
write_lock_bh(&conn->trans->conn_lock);
|
|
|
|
conn->trans->conn_idcounter += RXRPC_CID_INC;
|
|
if (conn->trans->conn_idcounter < RXRPC_CID_INC)
|
|
conn->trans->conn_idcounter = RXRPC_CID_INC;
|
|
real_conn_id = conn->trans->conn_idcounter;
|
|
|
|
attempt_insertion:
|
|
parent = NULL;
|
|
p = &conn->trans->client_conns.rb_node;
|
|
|
|
while (*p) {
|
|
parent = *p;
|
|
xconn = rb_entry(parent, struct rxrpc_connection, node);
|
|
|
|
if (epoch < xconn->epoch)
|
|
p = &(*p)->rb_left;
|
|
else if (epoch > xconn->epoch)
|
|
p = &(*p)->rb_right;
|
|
else if (real_conn_id < xconn->real_conn_id)
|
|
p = &(*p)->rb_left;
|
|
else if (real_conn_id > xconn->real_conn_id)
|
|
p = &(*p)->rb_right;
|
|
else
|
|
goto id_exists;
|
|
}
|
|
|
|
/* we've found a suitable hole - arrange for this connection to occupy
|
|
* it */
|
|
rb_link_node(&conn->node, parent, p);
|
|
rb_insert_color(&conn->node, &conn->trans->client_conns);
|
|
|
|
conn->real_conn_id = real_conn_id;
|
|
conn->cid = htonl(real_conn_id);
|
|
write_unlock_bh(&conn->trans->conn_lock);
|
|
_leave(" [CONNID %x CID %x]", real_conn_id, ntohl(conn->cid));
|
|
return;
|
|
|
|
/* we found a connection with the proposed ID - walk the tree from that
|
|
* point looking for the next unused ID */
|
|
id_exists:
|
|
for (;;) {
|
|
real_conn_id += RXRPC_CID_INC;
|
|
if (real_conn_id < RXRPC_CID_INC) {
|
|
real_conn_id = RXRPC_CID_INC;
|
|
conn->trans->conn_idcounter = real_conn_id;
|
|
goto attempt_insertion;
|
|
}
|
|
|
|
parent = rb_next(parent);
|
|
if (!parent)
|
|
goto attempt_insertion;
|
|
|
|
xconn = rb_entry(parent, struct rxrpc_connection, node);
|
|
if (epoch < xconn->epoch ||
|
|
real_conn_id < xconn->real_conn_id)
|
|
goto attempt_insertion;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* add a call to a connection's call-by-ID tree
|
|
*/
|
|
static void rxrpc_add_call_ID_to_conn(struct rxrpc_connection *conn,
|
|
struct rxrpc_call *call)
|
|
{
|
|
struct rxrpc_call *xcall;
|
|
struct rb_node *parent, **p;
|
|
__be32 call_id;
|
|
|
|
write_lock_bh(&conn->lock);
|
|
|
|
call_id = call->call_id;
|
|
p = &conn->calls.rb_node;
|
|
parent = NULL;
|
|
while (*p) {
|
|
parent = *p;
|
|
xcall = rb_entry(parent, struct rxrpc_call, conn_node);
|
|
|
|
if (call_id < xcall->call_id)
|
|
p = &(*p)->rb_left;
|
|
else if (call_id > xcall->call_id)
|
|
p = &(*p)->rb_right;
|
|
else
|
|
BUG();
|
|
}
|
|
|
|
rb_link_node(&call->conn_node, parent, p);
|
|
rb_insert_color(&call->conn_node, &conn->calls);
|
|
|
|
write_unlock_bh(&conn->lock);
|
|
}
|
|
|
|
/*
|
|
* connect a call on an exclusive connection
|
|
*/
|
|
static int rxrpc_connect_exclusive(struct rxrpc_sock *rx,
|
|
struct rxrpc_transport *trans,
|
|
__be16 service_id,
|
|
struct rxrpc_call *call,
|
|
gfp_t gfp)
|
|
{
|
|
struct rxrpc_connection *conn;
|
|
int chan, ret;
|
|
|
|
_enter("");
|
|
|
|
conn = rx->conn;
|
|
if (!conn) {
|
|
/* not yet present - create a candidate for a new connection
|
|
* and then redo the check */
|
|
conn = rxrpc_alloc_connection(gfp);
|
|
if (IS_ERR(conn)) {
|
|
_leave(" = %ld", PTR_ERR(conn));
|
|
return PTR_ERR(conn);
|
|
}
|
|
|
|
conn->trans = trans;
|
|
conn->bundle = NULL;
|
|
conn->service_id = service_id;
|
|
conn->epoch = rxrpc_epoch;
|
|
conn->in_clientflag = 0;
|
|
conn->out_clientflag = RXRPC_CLIENT_INITIATED;
|
|
conn->cid = 0;
|
|
conn->state = RXRPC_CONN_CLIENT;
|
|
conn->avail_calls = RXRPC_MAXCALLS - 1;
|
|
conn->security_level = rx->min_sec_level;
|
|
conn->key = key_get(rx->key);
|
|
|
|
ret = rxrpc_init_client_conn_security(conn);
|
|
if (ret < 0) {
|
|
key_put(conn->key);
|
|
kfree(conn);
|
|
_leave(" = %d [key]", ret);
|
|
return ret;
|
|
}
|
|
|
|
write_lock_bh(&rxrpc_connection_lock);
|
|
list_add_tail(&conn->link, &rxrpc_connections);
|
|
write_unlock_bh(&rxrpc_connection_lock);
|
|
|
|
spin_lock(&trans->client_lock);
|
|
atomic_inc(&trans->usage);
|
|
|
|
_net("CONNECT EXCL new %d on TRANS %d",
|
|
conn->debug_id, conn->trans->debug_id);
|
|
|
|
rxrpc_assign_connection_id(conn);
|
|
rx->conn = conn;
|
|
}
|
|
|
|
/* we've got a connection with a free channel and we can now attach the
|
|
* call to it
|
|
* - we're holding the transport's client lock
|
|
* - we're holding a reference on the connection
|
|
*/
|
|
for (chan = 0; chan < RXRPC_MAXCALLS; chan++)
|
|
if (!conn->channels[chan])
|
|
goto found_channel;
|
|
goto no_free_channels;
|
|
|
|
found_channel:
|
|
atomic_inc(&conn->usage);
|
|
conn->channels[chan] = call;
|
|
call->conn = conn;
|
|
call->channel = chan;
|
|
call->cid = conn->cid | htonl(chan);
|
|
call->call_id = htonl(++conn->call_counter);
|
|
|
|
_net("CONNECT client on conn %d chan %d as call %x",
|
|
conn->debug_id, chan, ntohl(call->call_id));
|
|
|
|
spin_unlock(&trans->client_lock);
|
|
|
|
rxrpc_add_call_ID_to_conn(conn, call);
|
|
_leave(" = 0");
|
|
return 0;
|
|
|
|
no_free_channels:
|
|
spin_unlock(&trans->client_lock);
|
|
_leave(" = -ENOSR");
|
|
return -ENOSR;
|
|
}
|
|
|
|
/*
|
|
* find a connection for a call
|
|
* - called in process context with IRQs enabled
|
|
*/
|
|
int rxrpc_connect_call(struct rxrpc_sock *rx,
|
|
struct rxrpc_transport *trans,
|
|
struct rxrpc_conn_bundle *bundle,
|
|
struct rxrpc_call *call,
|
|
gfp_t gfp)
|
|
{
|
|
struct rxrpc_connection *conn, *candidate;
|
|
int chan, ret;
|
|
|
|
DECLARE_WAITQUEUE(myself, current);
|
|
|
|
_enter("%p,%lx,", rx, call->user_call_ID);
|
|
|
|
if (test_bit(RXRPC_SOCK_EXCLUSIVE_CONN, &rx->flags))
|
|
return rxrpc_connect_exclusive(rx, trans, bundle->service_id,
|
|
call, gfp);
|
|
|
|
spin_lock(&trans->client_lock);
|
|
for (;;) {
|
|
/* see if the bundle has a call slot available */
|
|
if (!list_empty(&bundle->avail_conns)) {
|
|
_debug("avail");
|
|
conn = list_entry(bundle->avail_conns.next,
|
|
struct rxrpc_connection,
|
|
bundle_link);
|
|
if (--conn->avail_calls == 0)
|
|
list_move(&conn->bundle_link,
|
|
&bundle->busy_conns);
|
|
ASSERTCMP(conn->avail_calls, <, RXRPC_MAXCALLS);
|
|
ASSERT(conn->channels[0] == NULL ||
|
|
conn->channels[1] == NULL ||
|
|
conn->channels[2] == NULL ||
|
|
conn->channels[3] == NULL);
|
|
atomic_inc(&conn->usage);
|
|
break;
|
|
}
|
|
|
|
if (!list_empty(&bundle->unused_conns)) {
|
|
_debug("unused");
|
|
conn = list_entry(bundle->unused_conns.next,
|
|
struct rxrpc_connection,
|
|
bundle_link);
|
|
ASSERTCMP(conn->avail_calls, ==, RXRPC_MAXCALLS);
|
|
conn->avail_calls = RXRPC_MAXCALLS - 1;
|
|
ASSERT(conn->channels[0] == NULL &&
|
|
conn->channels[1] == NULL &&
|
|
conn->channels[2] == NULL &&
|
|
conn->channels[3] == NULL);
|
|
atomic_inc(&conn->usage);
|
|
list_move(&conn->bundle_link, &bundle->avail_conns);
|
|
break;
|
|
}
|
|
|
|
/* need to allocate a new connection */
|
|
_debug("get new conn [%d]", bundle->num_conns);
|
|
|
|
spin_unlock(&trans->client_lock);
|
|
|
|
if (signal_pending(current))
|
|
goto interrupted;
|
|
|
|
if (bundle->num_conns >= 20) {
|
|
_debug("too many conns");
|
|
|
|
if (!(gfp & __GFP_WAIT)) {
|
|
_leave(" = -EAGAIN");
|
|
return -EAGAIN;
|
|
}
|
|
|
|
add_wait_queue(&bundle->chanwait, &myself);
|
|
for (;;) {
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
|
if (bundle->num_conns < 20 ||
|
|
!list_empty(&bundle->unused_conns) ||
|
|
!list_empty(&bundle->avail_conns))
|
|
break;
|
|
if (signal_pending(current))
|
|
goto interrupted_dequeue;
|
|
schedule();
|
|
}
|
|
remove_wait_queue(&bundle->chanwait, &myself);
|
|
__set_current_state(TASK_RUNNING);
|
|
spin_lock(&trans->client_lock);
|
|
continue;
|
|
}
|
|
|
|
/* not yet present - create a candidate for a new connection and then
|
|
* redo the check */
|
|
candidate = rxrpc_alloc_connection(gfp);
|
|
if (IS_ERR(candidate)) {
|
|
_leave(" = %ld", PTR_ERR(candidate));
|
|
return PTR_ERR(candidate);
|
|
}
|
|
|
|
candidate->trans = trans;
|
|
candidate->bundle = bundle;
|
|
candidate->service_id = bundle->service_id;
|
|
candidate->epoch = rxrpc_epoch;
|
|
candidate->in_clientflag = 0;
|
|
candidate->out_clientflag = RXRPC_CLIENT_INITIATED;
|
|
candidate->cid = 0;
|
|
candidate->state = RXRPC_CONN_CLIENT;
|
|
candidate->avail_calls = RXRPC_MAXCALLS;
|
|
candidate->security_level = rx->min_sec_level;
|
|
candidate->key = key_get(bundle->key);
|
|
|
|
ret = rxrpc_init_client_conn_security(candidate);
|
|
if (ret < 0) {
|
|
key_put(candidate->key);
|
|
kfree(candidate);
|
|
_leave(" = %d [key]", ret);
|
|
return ret;
|
|
}
|
|
|
|
write_lock_bh(&rxrpc_connection_lock);
|
|
list_add_tail(&candidate->link, &rxrpc_connections);
|
|
write_unlock_bh(&rxrpc_connection_lock);
|
|
|
|
spin_lock(&trans->client_lock);
|
|
|
|
list_add(&candidate->bundle_link, &bundle->unused_conns);
|
|
bundle->num_conns++;
|
|
atomic_inc(&bundle->usage);
|
|
atomic_inc(&trans->usage);
|
|
|
|
_net("CONNECT new %d on TRANS %d",
|
|
candidate->debug_id, candidate->trans->debug_id);
|
|
|
|
rxrpc_assign_connection_id(candidate);
|
|
if (candidate->security)
|
|
candidate->security->prime_packet_security(candidate);
|
|
|
|
/* leave the candidate lurking in zombie mode attached to the
|
|
* bundle until we're ready for it */
|
|
rxrpc_put_connection(candidate);
|
|
candidate = NULL;
|
|
}
|
|
|
|
/* we've got a connection with a free channel and we can now attach the
|
|
* call to it
|
|
* - we're holding the transport's client lock
|
|
* - we're holding a reference on the connection
|
|
* - we're holding a reference on the bundle
|
|
*/
|
|
for (chan = 0; chan < RXRPC_MAXCALLS; chan++)
|
|
if (!conn->channels[chan])
|
|
goto found_channel;
|
|
ASSERT(conn->channels[0] == NULL ||
|
|
conn->channels[1] == NULL ||
|
|
conn->channels[2] == NULL ||
|
|
conn->channels[3] == NULL);
|
|
BUG();
|
|
|
|
found_channel:
|
|
conn->channels[chan] = call;
|
|
call->conn = conn;
|
|
call->channel = chan;
|
|
call->cid = conn->cid | htonl(chan);
|
|
call->call_id = htonl(++conn->call_counter);
|
|
|
|
_net("CONNECT client on conn %d chan %d as call %x",
|
|
conn->debug_id, chan, ntohl(call->call_id));
|
|
|
|
ASSERTCMP(conn->avail_calls, <, RXRPC_MAXCALLS);
|
|
spin_unlock(&trans->client_lock);
|
|
|
|
rxrpc_add_call_ID_to_conn(conn, call);
|
|
|
|
_leave(" = 0");
|
|
return 0;
|
|
|
|
interrupted_dequeue:
|
|
remove_wait_queue(&bundle->chanwait, &myself);
|
|
__set_current_state(TASK_RUNNING);
|
|
interrupted:
|
|
_leave(" = -ERESTARTSYS");
|
|
return -ERESTARTSYS;
|
|
}
|
|
|
|
/*
|
|
* get a record of an incoming connection
|
|
*/
|
|
struct rxrpc_connection *
|
|
rxrpc_incoming_connection(struct rxrpc_transport *trans,
|
|
struct rxrpc_header *hdr,
|
|
gfp_t gfp)
|
|
{
|
|
struct rxrpc_connection *conn, *candidate = NULL;
|
|
struct rb_node *p, **pp;
|
|
const char *new = "old";
|
|
__be32 epoch;
|
|
u32 conn_id;
|
|
|
|
_enter("");
|
|
|
|
ASSERT(hdr->flags & RXRPC_CLIENT_INITIATED);
|
|
|
|
epoch = hdr->epoch;
|
|
conn_id = ntohl(hdr->cid) & RXRPC_CIDMASK;
|
|
|
|
/* search the connection list first */
|
|
read_lock_bh(&trans->conn_lock);
|
|
|
|
p = trans->server_conns.rb_node;
|
|
while (p) {
|
|
conn = rb_entry(p, struct rxrpc_connection, node);
|
|
|
|
_debug("maybe %x", conn->real_conn_id);
|
|
|
|
if (epoch < conn->epoch)
|
|
p = p->rb_left;
|
|
else if (epoch > conn->epoch)
|
|
p = p->rb_right;
|
|
else if (conn_id < conn->real_conn_id)
|
|
p = p->rb_left;
|
|
else if (conn_id > conn->real_conn_id)
|
|
p = p->rb_right;
|
|
else
|
|
goto found_extant_connection;
|
|
}
|
|
read_unlock_bh(&trans->conn_lock);
|
|
|
|
/* not yet present - create a candidate for a new record and then
|
|
* redo the search */
|
|
candidate = rxrpc_alloc_connection(gfp);
|
|
if (!candidate) {
|
|
_leave(" = -ENOMEM");
|
|
return ERR_PTR(-ENOMEM);
|
|
}
|
|
|
|
candidate->trans = trans;
|
|
candidate->epoch = hdr->epoch;
|
|
candidate->cid = hdr->cid & __constant_cpu_to_be32(RXRPC_CIDMASK);
|
|
candidate->service_id = hdr->serviceId;
|
|
candidate->security_ix = hdr->securityIndex;
|
|
candidate->in_clientflag = RXRPC_CLIENT_INITIATED;
|
|
candidate->out_clientflag = 0;
|
|
candidate->real_conn_id = conn_id;
|
|
candidate->state = RXRPC_CONN_SERVER;
|
|
if (candidate->service_id)
|
|
candidate->state = RXRPC_CONN_SERVER_UNSECURED;
|
|
|
|
write_lock_bh(&trans->conn_lock);
|
|
|
|
pp = &trans->server_conns.rb_node;
|
|
p = NULL;
|
|
while (*pp) {
|
|
p = *pp;
|
|
conn = rb_entry(p, struct rxrpc_connection, node);
|
|
|
|
if (epoch < conn->epoch)
|
|
pp = &(*pp)->rb_left;
|
|
else if (epoch > conn->epoch)
|
|
pp = &(*pp)->rb_right;
|
|
else if (conn_id < conn->real_conn_id)
|
|
pp = &(*pp)->rb_left;
|
|
else if (conn_id > conn->real_conn_id)
|
|
pp = &(*pp)->rb_right;
|
|
else
|
|
goto found_extant_second;
|
|
}
|
|
|
|
/* we can now add the new candidate to the list */
|
|
conn = candidate;
|
|
candidate = NULL;
|
|
rb_link_node(&conn->node, p, pp);
|
|
rb_insert_color(&conn->node, &trans->server_conns);
|
|
atomic_inc(&conn->trans->usage);
|
|
|
|
write_unlock_bh(&trans->conn_lock);
|
|
|
|
write_lock_bh(&rxrpc_connection_lock);
|
|
list_add_tail(&conn->link, &rxrpc_connections);
|
|
write_unlock_bh(&rxrpc_connection_lock);
|
|
|
|
new = "new";
|
|
|
|
success:
|
|
_net("CONNECTION %s %d {%x}", new, conn->debug_id, conn->real_conn_id);
|
|
|
|
_leave(" = %p {u=%d}", conn, atomic_read(&conn->usage));
|
|
return conn;
|
|
|
|
/* we found the connection in the list immediately */
|
|
found_extant_connection:
|
|
if (hdr->securityIndex != conn->security_ix) {
|
|
read_unlock_bh(&trans->conn_lock);
|
|
goto security_mismatch;
|
|
}
|
|
atomic_inc(&conn->usage);
|
|
read_unlock_bh(&trans->conn_lock);
|
|
goto success;
|
|
|
|
/* we found the connection on the second time through the list */
|
|
found_extant_second:
|
|
if (hdr->securityIndex != conn->security_ix) {
|
|
write_unlock_bh(&trans->conn_lock);
|
|
goto security_mismatch;
|
|
}
|
|
atomic_inc(&conn->usage);
|
|
write_unlock_bh(&trans->conn_lock);
|
|
kfree(candidate);
|
|
goto success;
|
|
|
|
security_mismatch:
|
|
kfree(candidate);
|
|
_leave(" = -EKEYREJECTED");
|
|
return ERR_PTR(-EKEYREJECTED);
|
|
}
|
|
|
|
/*
|
|
* find a connection based on transport and RxRPC connection ID for an incoming
|
|
* packet
|
|
*/
|
|
struct rxrpc_connection *rxrpc_find_connection(struct rxrpc_transport *trans,
|
|
struct rxrpc_header *hdr)
|
|
{
|
|
struct rxrpc_connection *conn;
|
|
struct rb_node *p;
|
|
__be32 epoch;
|
|
u32 conn_id;
|
|
|
|
_enter(",{%x,%x}", ntohl(hdr->cid), hdr->flags);
|
|
|
|
read_lock_bh(&trans->conn_lock);
|
|
|
|
conn_id = ntohl(hdr->cid) & RXRPC_CIDMASK;
|
|
epoch = hdr->epoch;
|
|
|
|
if (hdr->flags & RXRPC_CLIENT_INITIATED)
|
|
p = trans->server_conns.rb_node;
|
|
else
|
|
p = trans->client_conns.rb_node;
|
|
|
|
while (p) {
|
|
conn = rb_entry(p, struct rxrpc_connection, node);
|
|
|
|
_debug("maybe %x", conn->real_conn_id);
|
|
|
|
if (epoch < conn->epoch)
|
|
p = p->rb_left;
|
|
else if (epoch > conn->epoch)
|
|
p = p->rb_right;
|
|
else if (conn_id < conn->real_conn_id)
|
|
p = p->rb_left;
|
|
else if (conn_id > conn->real_conn_id)
|
|
p = p->rb_right;
|
|
else
|
|
goto found;
|
|
}
|
|
|
|
read_unlock_bh(&trans->conn_lock);
|
|
_leave(" = NULL");
|
|
return NULL;
|
|
|
|
found:
|
|
atomic_inc(&conn->usage);
|
|
read_unlock_bh(&trans->conn_lock);
|
|
_leave(" = %p", conn);
|
|
return conn;
|
|
}
|
|
|
|
/*
|
|
* release a virtual connection
|
|
*/
|
|
void rxrpc_put_connection(struct rxrpc_connection *conn)
|
|
{
|
|
_enter("%p{u=%d,d=%d}",
|
|
conn, atomic_read(&conn->usage), conn->debug_id);
|
|
|
|
ASSERTCMP(atomic_read(&conn->usage), >, 0);
|
|
|
|
conn->put_time = xtime.tv_sec;
|
|
if (atomic_dec_and_test(&conn->usage)) {
|
|
_debug("zombie");
|
|
rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);
|
|
}
|
|
|
|
_leave("");
|
|
}
|
|
|
|
/*
|
|
* destroy a virtual connection
|
|
*/
|
|
static void rxrpc_destroy_connection(struct rxrpc_connection *conn)
|
|
{
|
|
_enter("%p{%d}", conn, atomic_read(&conn->usage));
|
|
|
|
ASSERTCMP(atomic_read(&conn->usage), ==, 0);
|
|
|
|
_net("DESTROY CONN %d", conn->debug_id);
|
|
|
|
if (conn->bundle)
|
|
rxrpc_put_bundle(conn->trans, conn->bundle);
|
|
|
|
ASSERT(RB_EMPTY_ROOT(&conn->calls));
|
|
rxrpc_purge_queue(&conn->rx_queue);
|
|
|
|
rxrpc_clear_conn_security(conn);
|
|
rxrpc_put_transport(conn->trans);
|
|
kfree(conn);
|
|
_leave("");
|
|
}
|
|
|
|
/*
|
|
* reap dead connections
|
|
*/
|
|
void rxrpc_connection_reaper(struct work_struct *work)
|
|
{
|
|
struct rxrpc_connection *conn, *_p;
|
|
unsigned long now, earliest, reap_time;
|
|
|
|
LIST_HEAD(graveyard);
|
|
|
|
_enter("");
|
|
|
|
now = xtime.tv_sec;
|
|
earliest = ULONG_MAX;
|
|
|
|
write_lock_bh(&rxrpc_connection_lock);
|
|
list_for_each_entry_safe(conn, _p, &rxrpc_connections, link) {
|
|
_debug("reap CONN %d { u=%d,t=%ld }",
|
|
conn->debug_id, atomic_read(&conn->usage),
|
|
(long) now - (long) conn->put_time);
|
|
|
|
if (likely(atomic_read(&conn->usage) > 0))
|
|
continue;
|
|
|
|
spin_lock(&conn->trans->client_lock);
|
|
write_lock(&conn->trans->conn_lock);
|
|
reap_time = conn->put_time + rxrpc_connection_timeout;
|
|
|
|
if (atomic_read(&conn->usage) > 0) {
|
|
;
|
|
} else if (reap_time <= now) {
|
|
list_move_tail(&conn->link, &graveyard);
|
|
if (conn->out_clientflag)
|
|
rb_erase(&conn->node,
|
|
&conn->trans->client_conns);
|
|
else
|
|
rb_erase(&conn->node,
|
|
&conn->trans->server_conns);
|
|
if (conn->bundle) {
|
|
list_del_init(&conn->bundle_link);
|
|
conn->bundle->num_conns--;
|
|
}
|
|
|
|
} else if (reap_time < earliest) {
|
|
earliest = reap_time;
|
|
}
|
|
|
|
write_unlock(&conn->trans->conn_lock);
|
|
spin_unlock(&conn->trans->client_lock);
|
|
}
|
|
write_unlock_bh(&rxrpc_connection_lock);
|
|
|
|
if (earliest != ULONG_MAX) {
|
|
_debug("reschedule reaper %ld", (long) earliest - now);
|
|
ASSERTCMP(earliest, >, now);
|
|
rxrpc_queue_delayed_work(&rxrpc_connection_reap,
|
|
(earliest - now) * HZ);
|
|
}
|
|
|
|
/* then destroy all those pulled out */
|
|
while (!list_empty(&graveyard)) {
|
|
conn = list_entry(graveyard.next, struct rxrpc_connection,
|
|
link);
|
|
list_del_init(&conn->link);
|
|
|
|
ASSERTCMP(atomic_read(&conn->usage), ==, 0);
|
|
rxrpc_destroy_connection(conn);
|
|
}
|
|
|
|
_leave("");
|
|
}
|
|
|
|
/*
|
|
* preemptively destroy all the connection records rather than waiting for them
|
|
* to time out
|
|
*/
|
|
void __exit rxrpc_destroy_all_connections(void)
|
|
{
|
|
_enter("");
|
|
|
|
rxrpc_connection_timeout = 0;
|
|
cancel_delayed_work(&rxrpc_connection_reap);
|
|
rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);
|
|
|
|
_leave("");
|
|
}
|